I am building a system using PHP & MSSQL and I have a part of the CMS that allows the owner to add users to it, and they wont the password encrypted before going into the database.
What is the best process for this, I have used md5 before but it doesnt seem to be the best way.
Is it then the case that the person who is being added has the normal password sent to him and its basically matched up with its encrypted self in the database, to allow them to log in correctly.
I think many people would agree that sending passwords in plain text to be bad practice.
Maybe you could try the link approach, similar to the way sites reset passwords.
You could send this link to the user, and they navigate to it and set up their own password.
This could even use the same code as the reset password page.
OK that sounds like a good idea, but the first bit I would like some advice on to, and that is the password being encrypted when they enter it before it goes into the database.
What porcess would you use, such as md5 etc, and if you have any opinions on it could you point me towards a script that you think would give me an idea of how to put it together, to encrypt it, and to be able to read it back using md5 or another process.
The process most people use nowadays in PHP is something like this:
CREATING A NEW USER
1. Users enters new password
2. In PHP, generate a random string, called a salt
3. In PHP, concatenate the user's password and the salt
4. In PHP, apply sha1 (or some other hashing, like in phpass)
5. Store the result of the hash function of step 4 and the salt generated in step 2 in the database
1. Users enters credentials (usually username/email and password combination)
2. Find the user in the database using username
3. Get the salt you stored with the user
4. Concatenate the password the user entered in step 1 and the salt obtained in step 3
5. Take the sha1 of the result obtained in point 4
6. If the result of the sha1 in step 5 matches the password entered by the user, the password is correct
For more info on salts see http://en.wikipedia.org/wiki/Salt_(cryptography)
PHPass is my preferred method for hashing passwords. Hashing functions like MD5 and SHA1 were never designed for password hashing and can be cracked fairly quickly. PHPass uses the mcrypt library, and it also handles all the salting/stretching needed.
i recommend you to use the build in function of mysql AES_ENCRYPT.this is the way how i use it:: AES_ENCRYPT($users_password,$users_password_as_the_key); by using users password as the key, it would be less likely to be cracked.
No it is not. Using a small key like the users password is not a good idea. Encryption is only as strong as the key that is used.
Thanks for all the responses, but wondered if someone can post some generic code so I can see it in action, remembering that Im using MSSQL database.
The story is:
The woner of this site creates the users from inside the cms, basically they do it and then hand the details out, so this is that page.
queryInsert="INSERT INTO x (Password)".
So thats the upload bit, very easy I know but just wanted to go through it. The owner then would like the password to be encrypted and sent to the database, and he will then hand write a letter to the new user with his/her new password on.
Then I have built a separate log in page:
$tsql = "SELECT * FROM Users where Live_User=1";
$stmt = sqlsrv_query($conn, $tsql);
if( $stmt === false )
echo "Error in executing query.</br>";
die( print_r( sqlsrv_errors(), true));
while($data = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC))
if ($username==$data['Username'] && $password==$data['Password'])
I understand the code for the salt encryption is pretty simple, but if someone could give me a start I be very grateful
Maybe this will be useful too..
//function to encrypt the string
$str=strrev(base64_encode($str)); //apply base64 first and then reverse the string
//function to decrypt the string
$str=base64_decode(strrev($str)); //apply base64 first and then reverse the string
You should never need to decrypt the password. Ever.
Encrypt input and use it as a comparison; don't decode your password to compare.
That is....very very very poor...don't even joke about using that.
Encrypting passwords is rather pointless since anyone who gains access to the encrypted passwords will generally also have access to the decryption code that they can then run to decrypt them all.
A better alsternative is to hash the passwirds using something like SHA256 or SHA512 so that there is no decryption routine that can be run.
i dont think so. by doing this, the key is changing always. because the hacker can somehow hack into the web server and see the php script. even hackers get database access, they still have no idea with how to crack password as every password is encrypted differently. that makes a hacker more work to do.
Clearly you never looked up brute force. It would take only minutes these days to brute force passwords.
yes, i looked at brute force which is a method of trying all possible keys. but in my method, every user has different password and so every account has different keys. that s a huge project to crack all the user password in the database. if you use other methods which only use one key, would make hackers easier to crack.
Thank you for your replying
Just stop, it doesn't matter if every user has a different key, to create a brute force against this is very easy todo. Not only that but creating a rainbow table is also possible.
As I have stated previously, encryption is only as strong as the key that is used. You are not using a strong key.
Thanks guys, will look into it and give it a go.
Have used md5 before, but think I need to look into a more secure way of handling things.
It's an interesting idea, but ultimately no different than a regular hash function. The user's password is the input, and a random, irreversible* string is the output.
* Strictly speaking, it is reversible, but only if you already know the original input string.
If I could "+1" or "upvote" replies, I'd vote for ScallioXTX's reply.
next page →